Posts Tagged ‘linux memory forensics’

2018-01-04

A List of Incident Response sources

A GitHub member, ‘meirwah’, has shared a good list of incident response sources (such as tools, books, videos, communities, etc.).

 

2017-11-25

Linux File System Overview

N1GH7M4R3 has shared a short and clear overview of the Linux file system.

He has described all system folders of the file system.

2016-06-15

Converting a memory image from raw to padded

There are several methods of acquiring a memory image from a Linux system. One of the most traditional is to image the current physical memory into a single file; in this case any non-system areas need to be padded with zeros in order to maintain the representation of physical memory. Another method involves examining the /proc/iomem file (where Linux prints the current map of the system's memory) to identify which memory ranges are marked as System RAM, and copying and concatenating those ranges into one file. This results in a smaller file, but lacks the representation of physical memory.

The problem we have and the reason this article and Python code has [...]

2016-05-17

Linux memory forensic acquisition

With the release of such tools as Volatility, acquiring RAM images becomes really useful.
